It took Claude about 30 seconds to find what I’d been chasing for days.
I noticed my home network was being slow intermittently and for days I brushed it off as an ISP issue. Rebooting didn’t work, and I haven’t made any changes recently. It would slow down just enough to be annoying; streaming would buffer, services like Xbox multiplayer would randomly fail to connect. Trying again a few moments later would work and sometimes there wouldn’t be an issue at all.
I logged into my router / firewall admin interface and started to look at resource usage, logs or anything else I could find. However this time, the culprit was something I would have struggled to find without AI digging through my firewall logs.
My Setup
I have a fiber NID in bridged mode, forwarding all traffic to OPNSense as my home router and firewall. It’s powerful, open source, and runs on a Dell workstation with an i7, 8GB of memory, an SSD, and some Intel 10G NICs. This handles my 3Gbps connection with ease and I have room to grow.
My manual AI workflow of choice currently is Claude Code/Desktop. The opnsense-mcp-server gives Claude read access to firewall logs, interface stats, DHCP leases, and other network state. This has quickly become my go-to tool for diagnosing any network issues. One time I had it diagnose my DNS settings and it was able to optimize my entire setup — it fixed my forwarding rules, enabled caching, and increased the cache size with daily auto-expiration. The difference in DNS response time was noticeable.
You can also use it to do cool things like map out your network topology via mermaid, like I did below.
What Claude Found in 30 Seconds
I opened Claude Desktop and in my own words, described the symptoms with my network. I told it how my internet was randomly being slow as if my ISP was having connection issues. I asked it to look for anything out of the ordinary, and even to double check the DNS settings we changed together a few weeks earlier.
Within 30 seconds it flagged something interesting.
A single device on my LAN was hammering UDP port 54444 with an enormous volume of outbound packets. We’re talking thousands of packets per second, enough to saturate the network and cause the kind of degraded performance I was seeing. The traffic wasn’t leaving my network, it was just flooding it internally. The only identifier was a MAC address. No hostname. No helpful IP context. Just XX:XX:XX:XX:XX:XX sending a storm of UDP traffic to the broadcast address, which happened to be another device on the LAN, not external.
The fact that it was internal traffic was the lightbulb moment for me.
Investigation
I wondered why a device on my network would be flooding another with traffic. I checked the DHCP leases (I should have asked Claude), and no luck. The MAC address found earlier was not resolving to a hostname, so I had to start guessing what this device could be on my network.
Then I had an “Ah ha!” moment — it was probably my Alexa devices. I have two Amazon tablets mounted to the wall, acting as a home automation display. The other day when I walked past I noticed the screen was stuck on an announcement; my kids love to be silly and use these, along with our echo dots to broadcast funny messages. This stuck message in particular had something to do with “farting” as an example.
Upon restarting both tablets, I went back to Claude to tell me if that resolved the issue or not.
Culprit Confirmed
Claude reported that the firewall logs were clean, and the traffic was flowing again! I confirmed that the network performance recovered, the buffering had stopped, and everything seemed to work as it should.
Having an AI companion to quickly diagnose annoying network issues is a game-changer. If I had a consumer router, and no MCP connection, I’m not sure I would have found this very easily. I would have been frustrated and maybe even spent money I didn’t need to.
What I Learned
IoT devices are a wild card on your home network. I’ve always known this in the abstract, but watching Claude pull up a traffic graph and go “yeah, that device is flooding your LAN” made it concrete. Consumer devices don’t fail gracefully. They can get into weird states and stay there indefinitely.
AI + firewall logs is a genuinely powerful combination. I’m comfortable with networking concepts but I’m not a dedicated network engineer. I wouldn’t have thought to look at per-device UDP traffic volume. Claude did, because it was looking at the data without assumptions.
You don’t need to be an expert to get expert-level diagnostics. The OPNSense logs had the answer the whole time. The hard part was knowing what question to ask — and that’s exactly where AI earns its keep.
Repeatable process. Now when my network slows down, I have a workflow: open Claude Desktop, describe the symptoms, ask it to scan for anomalous traffic patterns. Five minutes versus hours of manual log spelunking.
Going Further
If you’re running OPNSense and want to set up a similar diagnostic workflow, the opnsense-mcp-server I use is a great starting point. The setup is straightforward if you’re comfortable with MCP in Claude Desktop.
If you’re not ready to go full AI-assisted diagnostics, at minimum I’d recommend:
- Segment IoT devices onto a separate VLAN. This provides logical separation and firewall control, but keep one thing in mind: VLANs share physical infrastructure (switches, router CPU, uplink). A flooded IoT VLAN can still overwhelm shared hardware and degrade other VLANs. It’s a necessary first step, not a complete isolation.
- Enable QoS (Quality of Service) on your router or switch. This is critical if you’re homelabbing on consumer hardware without redundant infrastructure. QoS rate-limits per port or per device, preventing one misbehaving IoT device from saturating your entire network.
- Set up traffic logging on your firewall. You can’t diagnose what you can’t see.
- Watch per-device bandwidth in your router’s dashboard when something feels off. Most modern firmware surfaces this somewhere.
My kids still use the Alexa tablets and will probably keep making house-wide announcements at inconvenient hours. But now when the network slows down, I know how to find out why — and it takes five minutes instead of an afternoon.
Thanks for reading! If you’ve set up something similar with OPNSense and Claude, I’d love to hear how you’re using it.